From 14305e553c4f71fbeec997d585383c4c6211c1a5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 17:29:26 +0200 Subject: don't pull openvpn config from hiera --- puppet/modules/site_config/manifests/eip.pp | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 56eb1452..c8677696 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -4,7 +4,15 @@ class site_config::eip { $tor=hiera('tor') notice("Tor enabled: $tor") - $openvpn_configs=hiera('openvpn_server_configs') - create_resources('site_openvpn::server_config', $openvpn_configs) - + #$openvpn_configs=hiera('openvpn_server_configs') + #create_resources('site_openvpn::server_config', $openvpn_configs) + + site_openvpn::server_config { 'tcp_config': + port => '1194', + proto => 'tcp' + } + site_openvpn::server_config { 'udp_config': + port => '1194', + proto => 'udp' + } } -- cgit v1.2.3 From b7277a8c666248a2a134f1d5b84c994df9904b7c Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 22:34:20 +0200 Subject: moved most includes to site_config --- puppet/modules/site_config/manifests/init.pp | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 puppet/modules/site_config/manifests/init.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp new file mode 100644 index 00000000..64eb06f4 --- /dev/null +++ b/puppet/modules/site_config/manifests/init.pp @@ -0,0 +1,7 @@ +class site_config { + include apt, lsb, git + + # configure ssh and inculde ssh-keys + include site_config::sshd + +} -- cgit v1.2.3 From fc72260f601fb77b90d9f2f2afd2a43c4d5916f6 Mon Sep 17 00:00:00 2001 
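Review bot: The disabled hiera lookup stays behind as two commented-out lines at the top of the new block in eip.pp, with no word on why the server configs are now static; the later `+ site_openvpn::keys` hunk does the same to the two tor lines. Either delete them or replace them with a why-comment such as `# server configs are declared statically below; the hiera key openvpn_server_configs is no longer read`. The class opens above this hunk.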
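Review bot: `include site_config::sshd` in the new init.pp refers to a class that, on this page, is only created by the later `+ site_config::sshd` commit, so a checkout of exactly this revision would presumably fail catalog compilation unless the class already exists elsewhere. Squashing or reordering the two commits keeps every revision deployable. The comment above the include also has a typo and should read `# configure ssh and include ssh-keys`.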
From: varac Date: Thu, 4 Oct 2012 22:35:16 +0200 Subject: + site_openvpn::keys --- puppet/modules/site_config/manifests/eip.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index c8677696..6e866b1c 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -1,8 +1,9 @@ class site_config::eip { include site_openvpn + include site_openvpn::keys - $tor=hiera('tor') - notice("Tor enabled: $tor") + #$tor=hiera('tor') + #notice("Tor enabled: $tor") #$openvpn_configs=hiera('openvpn_server_configs') #create_resources('site_openvpn::server_config', $openvpn_configs) -- cgit v1.2.3 From 9fb0bcc2901bf5cf79d3ac0a46c610d302e0df7b Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 22:38:15 +0200 Subject: + site_config::sshd --- puppet/modules/site_config/manifests/sshd.pp | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 puppet/modules/site_config/manifests/sshd.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp new file mode 100644 index 00000000..8e33ca7f --- /dev/null +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -0,0 +1,8 @@ +class site_config::sshd { + # configure ssh and inculde ssh-keys + include sshd + $ssh_keys=hiera_hash('ssh_keys') + include site_sshd + notice($ssh_keys) + create_resources('site_sshd::ssh_key', $ssh_keys) +} -- cgit v1.2.3 From 1ec1b9b56bc821b81f3797ea158846b41cc03853 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 23:38:57 +0200 Subject: finished site_openvpn::server_config --- puppet/modules/site_config/manifests/eip.pp | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config') 
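Review bot: `notice($ssh_keys)` in the new sshd.pp writes the whole hiera hash to the master's log on every catalog compile; it reads as leftover debugging and should be dropped (the later rename to `ssh_pubkeys` keeps the call). `hiera_hash('ssh_keys')` has no default either, so a node without that key fails compilation; if that is not intended, use `hiera_hash('ssh_keys', {})`. Because the hash goes straight into `create_resources('site_sshd::ssh_key', ...)`, whoever can edit that hiera key decides who may log in, which deserves a line in the class comment, e.g. `# ssh_keys in hiera is the authoritative list of login keys; restrict write access to it`.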
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 6e866b1c..e6f80d25 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -7,13 +7,19 @@ class site_config::eip { #$openvpn_configs=hiera('openvpn_server_configs') #create_resources('site_openvpn::server_config', $openvpn_configs) - + site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp' + port => '1194', + proto => 'tcp', + local => $::ipaddress_eth0_1, + server => '10.42.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.42.0.1"', } site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp' + port => '1194', + proto => 'udp', + local => $::ipaddress_eth0_1, + server => '10.43.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.43.0.1"', } } -- cgit v1.2.3 From b49ab6a1a06bcc31984e09a5371510643eef3c87 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 23:55:03 +0200 Subject: use different parameter for each config --- puppet/modules/site_config/manifests/eip.pp | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index e6f80d25..9f1c205c 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp 
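Review bot: `local => $::ipaddress_eth0_1` in both server_config resources relies on a Facter fact that only exists while the eth0:1 alias interface has an address. On a host without it the value is undefined, and depending on how the site_openvpn::server_config template renders `local` (not visible here) the daemon may fail to start or end up listening on every address. A guard before the two resources, `if ! $::ipaddress_eth0_1 { fail('eth0:1 has no address, cannot bind openvpn') }`, would make that failure explicit. The class opens above this hunk.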
@@ -9,17 +9,19 @@ class site_config::eip { #create_resources('site_openvpn::server_config', $openvpn_configs) site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp', - local => $::ipaddress_eth0_1, - server => '10.42.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.42.0.1"', + port => '1194', + proto => 'tcp', + local => $::ipaddress_eth0_1, + server => '10.1.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.1.0.1"', + management => 'management 127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp', - local => $::ipaddress_eth0_1, - server => '10.43.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.43.0.1"', + port => '1194', + proto => 'udp', + local => $::ipaddress_eth0_1, + server => '10.2.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.2.0.1"', + management => 'management 127.0.0.1 1001' } } -- cgit v1.2.3 From 76f15950d637a79604f6472ba19f662069e59dc8 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 4 Oct 2012 23:56:36 +0200 Subject: typo in eip.pp --- puppet/modules/site_config/manifests/eip.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 9f1c205c..2c696d21 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -14,7 +14,7 @@ class site_config::eip { local => $::ipaddress_eth0_1, server => '10.1.0.0 255.255.248.0', push => '"dhcp-option DNS 10.1.0.1"', - management => 'management 127.0.0.1 1000' + management => '127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': port => '1194', @@ -22,6 +22,6 @@ class site_config::eip { local => $::ipaddress_eth0_1, server => '10.2.0.0 255.255.248.0', push => '"dhcp-option DNS 10.2.0.1"', - management => 'management 127.0.0.1 1001' + management => '127.0.0.1 1001' } } -- cgit v1.2.3 
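Review bot: The `management` value added to both server configs puts OpenVPN's management interface on a loopback TCP port with no password file, so any local process on the gateway can connect and control the daemon (assuming the template writes the value into a `management` directive, which is not visible here). Append a password file as the third field, e.g. `management => '127.0.0.1 1000 /etc/openvpn/management-pw'` (path is a placeholder), or switch to a unix socket with restricted permissions. The two hunks of the follow-up `typo in eip.pp` commit keep the same address and ports and have the same gap. The class opens above this hunk.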
From e373def213a4e55c37c7940195ea9cd33e604f2d Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 8 Oct 2012 21:54:34 +0200 Subject: + site_shorewall::eip --- puppet/modules/site_config/manifests/eip.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 2c696d21..95f9dbf4 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -24,4 +24,6 @@ class site_config::eip { push => '"dhcp-option DNS 10.2.0.1"', management => '127.0.0.1 1001' } + + include site_shorewall::eip } -- cgit v1.2.3 From df1cb1b7445adcabbe355290d1e720040b916f6b Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 14:01:11 +0200 Subject: + site_config::resolvconf --- puppet/modules/site_config/manifests/init.pp | 4 ++++ puppet/modules/site_config/manifests/resolvconf.pp | 13 +++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 puppet/modules/site_config/manifests/resolvconf.pp (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 64eb06f4..8aa1b54d 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -1,7 +1,11 @@ class site_config { + # default class, use by all hosts + include apt, lsb, git # configure ssh and inculde ssh-keys include site_config::sshd + # configure /etc/resolv.conf + include site_config::resolvconf } diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp new file mode 100644 index 00000000..ec3ce9e9 --- /dev/null +++ b/puppet/modules/site_config/manifests/resolvconf.pp 
@@ -0,0 +1,13 @@ +class site_config::resolvconf { + package { 'bind9': + ensure => installed, + } + + $domain_hash = hiera('domain') + $domain = $domain_hash['public'] + + $resolvconf_search = $domain + $resolvconf_domain = $domain + $resolvconf_nameservers = '127.0.0.1 # caching-only local bind:87.118.100.175 # http://server.privacyfoundation.de' + include resolvconf +} -- cgit v1.2.3 From 082efdddf4b5a4c741a655e6833b8d86bb717303 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 14:44:05 +0200 Subject: ssh_keys -> ssh_pubkeys for clarity --- puppet/modules/site_config/manifests/sshd.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp index 8e33ca7f..4834bb6f 100644 --- a/puppet/modules/site_config/manifests/sshd.pp +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -1,8 +1,8 @@ class site_config::sshd { # configure ssh and inculde ssh-keys include sshd - $ssh_keys=hiera_hash('ssh_keys') + $ssh_pubkeys=hiera_hash('ssh_pubkeys') include site_sshd - notice($ssh_keys) - create_resources('site_sshd::ssh_key', $ssh_keys) + notice($ssh_pubkeys) + create_resources('site_sshd::ssh_key', $ssh_pubkeys) } -- cgit v1.2.3 From 18482bf1a47474771f72bb92e766bff2781ad3fd Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 15:01:34 +0200 Subject: new resolvconf module uses parameterized class --- puppet/modules/site_config/manifests/resolvconf.pp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index ec3ce9e9..6536969a 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp 
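Review bot: `package { 'bind9': ensure => installed }` is the only management of the local resolver in the new resolvconf.pp, yet 127.0.0.1 is listed first in the nameserver string. No service resource and no named configuration is visible, so unless bind is configured elsewhere its listen addresses and recursion ACL stay at the distribution defaults, which is worth checking on a VPN gateway. I would add a comment naming where bind9 is configured, or at least `service { 'bind9': ensure => running, require => Package['bind9'] }`, so resolv.conf never points at a resolver that is not running.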
@@ -4,10 +4,13 @@ class site_config::resolvconf { } $domain_hash = hiera('domain') - $domain = $domain_hash['public'] + $domain_public = $domain_hash['public'] - $resolvconf_search = $domain - $resolvconf_domain = $domain - $resolvconf_nameservers = '127.0.0.1 # caching-only local bind:87.118.100.175 # http://server.privacyfoundation.de' - include resolvconf + # 127.0.0.1: caching-only local bind + # 87.118.100.175: http://server.privacyfoundation.de + class { 'resolvconf': + $domain = $domain_public, + $search = $domain_public, + $nameservers = [ '127.0.0.1', '87.118.100.175' ] + } } -- cgit v1.2.3 From dfe67e888d5ab6b74c0dd9cc7e3d738c07b0ae5d Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 15:06:59 +0200 Subject: fixes resolvconf call --- puppet/modules/site_config/manifests/resolvconf.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 6536969a..dca48b21 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -8,9 +8,9 @@ class site_config::resolvconf { # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de - class { 'resolvconf': - $domain = $domain_public, - $search = $domain_public, - $nameservers = [ '127.0.0.1', '87.118.100.175' ] + class { '::resolvconf': + domain => $domain_public, + search => $domain_public, + nameservers => [ '127.0.0.1', '87.118.100.175' ] } } -- cgit v1.2.3 From b297dd3c47a9d23eaba6070555ecec47f3acbcc6 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 12 Oct 2012 15:09:40 +0200 Subject: add third dns server (swiss privacy found.) --- puppet/modules/site_config/manifests/resolvconf.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') 
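Review bot: `$domain_public = $domain_hash['public']` feeds both `domain` and `search` without checking that `hiera('domain')` returned a hash with a `public` key. A missing key would hand an undefined value to the resolvconf class and, depending on its template (not visible here), could leave an empty `domain` or `search` line in /etc/resolv.conf. A guard such as `if ! $domain_public { fail('hiera key domain has no public entry') }` would fail loudly instead. The class opens above this hunk.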
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index dca48b21..bd0539b9 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -6,11 +6,12 @@ class site_config::resolvconf { $domain_hash = hiera('domain') $domain_public = $domain_hash['public'] - # 127.0.0.1: caching-only local bind + # 127.0.0.1: caching-only local bind # 87.118.100.175: http://server.privacyfoundation.de + # 62.141.58.13: http://www.privacyfoundation.ch/de/service/server.html class { '::resolvconf': domain => $domain_public, search => $domain_public, - nameservers => [ '127.0.0.1', '87.118.100.175' ] + nameservers => [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ] } } -- cgit v1.2.3
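Review bot: The upstream resolvers in `nameservers` are literal addresses in the manifest, so every deployment sends its cache misses in cleartext to the same two third-party operators and cannot override that per site. Reading the list from hiera with these values as the default keeps the behaviour and makes it a deployment decision: `nameservers => hiera('nameservers', [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ])` (the key name is illustrative). glibc's resolver honours only the first three `nameserver` lines, so the list is now at its limit; a comment saying so would stop a fourth entry being added and silently ignored. The class opens above this hunk.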